tonyair/silverstripe-cms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-cms synced 2024-10-22 06:05:56 +00:00
Code Issues Projects Releases Wiki Activity

Added EDIT_PERMISSIONS permission code for SecurityAdmin

Browse Source 
Added LeftAndMain::alternateAccessCheck() / alternateMenuDisplayCheck() so that subsite could hook a new security model into the admin
Added support for Group::alternateTreeTitle() to allow subsites to put *s before global groups

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@41098 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2007-08-31 00:31:49 +00:00
parent 62c2237773
commit 1739d9932a
2 changed files with 33 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
code/LeftAndMain.php
View File

@ -14,18 +14,27 @@ abstract class LeftAndMain extends Controller {
parent::init(); parent::init();
// Security check for LeftAndMain sub-class permissions // Allow customisation of the access check by a decorator
if(!Permission::check("CMS_ACCESS_$this->class")) { if($this->hasMethod('alternateAccessCheck')) {
// When access /admin/, we should try a redirect to another part of the admin rather than a $isAllowed = $this->alternateAccessCheck();
if($this->class == 'CMSMain') {
// Default security check for LeftAndMain sub-class permissions
} else {
$isAllowed = Permission::check("CMS_ACCESS_$this->class");
if(!$isAllowed && $this->class == 'CMSMain') {
// When access /admin/, we should try a redirect to another part of the admin rather than be locked out
$menu = $this->MainMenu(); $menu = $this->MainMenu();
if(($first = $menu->First()) && $first->Link) { if(($first = $menu->First()) && $first->Link) {
Director::redirect($first->Link); Director::redirect($first->Link);
return;
} }
} }
}
// Don't continue if there's already been a redirection request.
if(Director::redirected_to()) return;
// Access failure!
if(!$isAllowed) {
$messageSet = array( $messageSet = array(
'default' => "Enter your email address and password to access the CMS.", 'default' => "Enter your email address and password to access the CMS.",
'alreadyLoggedIn' => "I'm sorry, but you can't access that part of the CMS. If you want to log in as someone else, do so below", 'alreadyLoggedIn' => "I'm sorry, but you can't access that part of the CMS. If you want to log in as someone else, do so below",
@ -213,7 +222,15 @@ abstract class LeftAndMain extends Controller {
$itemsWithPermission = 0; $itemsWithPermission = 0;
foreach($menuSrc as $title => $menuItem) { foreach($menuSrc as $title => $menuItem) {
if(is_numeric($title) && isset($menuItem['title'])) $title = $menuItem['title']; if(is_numeric($title) && isset($menuItem['title'])) $title = $menuItem['title'];
if(!isset($menuItem[2]) || Permission::check("CMS_ACCESS_$menuItem[2]")) {
if(isset($menuItem[2])) {
if($this->hasMethod('alternateMenuDisplayCheck')) $isAllowed = $this->alternateMenuDisplayCheck($menuItem[2]);
else $isAllowed = Permission::check("CMS_ACCESS_" . $menuItem[2]);
} else {
$isAllowed = true;
}
if($isAllowed) {
// Count up the number of items that have specific permission settings // Count up the number of items that have specific permission settings
if(isset($menuItem[2])) $itemsWithPermission++; if(isset($menuItem[2])) $itemsWithPermission++;

12
code/SecurityAdmin.php
View File

@ -1,6 +1,6 @@
<?php <?php
class SecurityAdmin extends LeftAndMain { class SecurityAdmin extends LeftAndMain implements PermissionProvider {
static $tree_class = "Group"; static $tree_class = "Group";
static $subitem_class = "Member"; static $subitem_class = "Member";
@ -58,6 +58,8 @@ class SecurityAdmin extends LeftAndMain {
) )
); );
if(!Permission::check('EDIT_PERMISSIONS')) $fields->removeFieldFromTab('Root', 'Permissions');
$memberList->setController($this); $memberList->setController($this);
$fields->push($idField = new HiddenField("ID")); $fields->push($idField = new HiddenField("ID"));
@ -220,7 +222,7 @@ class SecurityAdmin extends LeftAndMain {
$siteTree = $obj->getChildrenAsUL("", $siteTree = $obj->getChildrenAsUL("",
' "<li id=\"record-$child->ID\" class=\"$child->class " . ($child->Locked ? " nodelete" : "") . ' . ' "<li id=\"record-$child->ID\" class=\"$child->class " . ($child->Locked ? " nodelete" : "") . ' .
' ($extraArg->isCurrentPage($child) ? " current" : "") . "\">" . ' . ' ($extraArg->isCurrentPage($child) ? " current" : "") . "\">" . ' .
' "<a href=\"" . Director::link("admin", "show", $child->ID) . "\" >" . $child->Title . "</a>" ',$this); ' "<a href=\"" . Director::link("admin", "show", $child->ID) . "\" >" . $child->TreeTitle() . "</a>" ',$this);
$siteTree = "<ul id=\"sitetree\" class=\"tree unformatted\">" . $siteTree = "<ul id=\"sitetree\" class=\"tree unformatted\">" .
"<li id=\"record-0\" class=\"Root\">" . "<li id=\"record-0\" class=\"Root\">" .
@ -329,6 +331,12 @@ class SecurityAdmin extends LeftAndMain {
return $memberListField->renderWith('MemberList_Table'); return $memberListField->renderWith('MemberList_Table');
} }
function providePermissions() {
return array(
'EDIT_PERMISSIONS' => 'Edit Permissions on each Group',
);
}
} }
?> ?>